Firms ‘failing to install security updates’
Dubai, April 28, 2013
Although there are dedicated technologies which can automatically download and install security updates, these are rarely used – even by companies that have implemented client system management tools, a report said.
Only 35 per cent of all companies automatically install updates, according to a recent study by market research specialists B2B International. Meanwhile, cybercriminals often use unpatched vulnerabilities in outdated software to penetrate a company’s IT infrastructure.
Cybercriminals use a popular tool – exploits – to achieve these goals. Exploits are malicious objects that use vulnerabilities in operating systems and applications to infect computers.
These exploits are often used to launch attacks on companies since even corporate security solutions often struggle to detect and destroy them. A good way to forestall threats is to eliminate vulnerabilities as fast as possible by installing software patches. However, it can be difficult for many companies to install updates promptly on a large number of workstations, the study noted.
B2B International surveyed over 5,000 high-ranking IT managers working for different companies all over the world on behalf of Kaspersky Lab, a top IT security company.
Among other questions, the study asked about the use of any technology to automatically install updates on corporate workstations. The findings were surprising: even among companies with client management systems in place, only 35 per cent used this technology.
Updates are generally designed to enhance software performance and stability. From a security standpoint, they are even more important – updates can eliminate vulnerabilities which might allow cybercriminals to infect corporate workstations.
Here, the speed with which updates are installed is just as important as installing the update in the first place: the sooner the IT department updates vulnerable software on all corporate workstations, the less likely it is that cybercriminals can launch a successful attack exploiting a vulnerability.
Incidentally, cybercriminals tend to choose the most widespread programs as an attack medium, the study said.
According to Kaspersky Lab data, Java is the most popular target for cybercriminals: 50 per cent of all exploits in 2012 targeted this platform. Adobe Acrobat Reader is the second most popular, with a share of 28 per cent. These are standard pieces of software installed on huge numbers of corporate workstations – and that means it’s not just a few machines, but most of the computers on any given network that are at risk.
To ensure that updates are downloaded and installed with absolute timeliness and regularity, one option would be to invest heavily in IT man-hours, manually installing every update on every machine.
This, of course, is both costly and potentially unreliable, the study said.
Neglecting the problem entirely, on the other hand, is likely to weaken corporate security and could potentially lead to serious losses for the business. Implementing a dedicated automation tool is a far more practical solution, according to the study. – TradeArabia News Service